New DOJ guidance adds new complexity and costs to export control and sanctions investigations and disclosures

December 2016 | PROFESSIONAL INSIGHT | RISK MANAGEMENT

Financier Worldwide Magazine

December 2016 Issue

On 2 October, the US Department of Justice (DOJ) raised the stakes for companies contemplating voluntary disclosure of possible violations of export control and sanctions laws and regulations by issuing new guidance encouraging companies to submit disclosures of such violations to DOJ, as well as the agency responsible for civil enforcement. As a result, companies engaged in exports and regulated international business activities will be forced to re-evaluate their approach to voluntary disclosures to take into account a greater likelihood of simultaneous criminal and administrative investigations.

The new guidance, entitled ‘Guidance Regarding voluntary Self-Disclosures, Cooperation, and Remediation in Export Control and Sanctions Investigations Involving Business Organizations’ (the Guidance), was issued by the Counterintelligence and Export Control Section (CES) of the National Security Division (NSD) of DOJ. CES is the section within DOJ responsible for prosecuting criminal violations of US export control and sanctions regimes, other than sanctions violations involving financial institutions, which are handled by a different section. As a result of this bifurcation of jurisdiction, the Guidance does not apply to violations of economic sanctions that do not involve financial institutions. Furthermore, despite the broad title, the Guidance is applicable only to disclosures involving criminal violations within the scope of the CES remit.

According to the Guidance, its purpose is threefold. First, it is designed to memorialise NSD policy of encouraging companies to voluntarily disclose violations of the Arms Export Control Act (AECA), which is the statutory authority for the International Traffic in Arms Regulations (ITAR) and the International Emergency Economic Powers Act (IEEPA), which is the statutory authority for the Export Administration Regulations (EAR) and the Executive Orders and regulations administered by the Office of Foreign Assets Control of the US Department of the Treasury (OFAC).

Second, the Guidance is intended to implement the so-called ‘Yates Memorandum’ in cases involving violations of these statutes. The Yates Memorandum, issued on 9 September 2015, called for US Attorneys and various sections of DOJ, including NSD, to seek greater accountability of individuals involved in corporate wrongdoing.

Finally, the Guidance also implements provisions of the US Attorneys’ Manual relating to voluntary disclosures of export control and sanctions violations by identifying the possible benefits for corporations that avail themselves of the disclosure process and providing criteria for the exercise of prosecutorial discretion in such cases.

The Guidance follows on the heels of the Foreign Corrupt Practices Act (FCPA) Enforcement Planand Guidance issued by the Fraud Section of the DOJ on 5 April this year, which established a one-year pilot programme (the Pilot Programme) designed to motivate voluntary disclosures of violations of the FCPA and guide prosecutors in resolving such cases.

However, unlike the Pilot Programme, which applies principally to criminal corruption for which there is no civil enforcement jurisdiction, the Guidance represents an additional layer in a regulatory environment with a long history of encouragement of voluntary disclosures and transparency regarding the reasons for the exercise of agency discretion in resolving such cases.

On the ITAR front, the Directorate of Defense Trade Controls (DDTC) of the US Department of State administers a voluntary disclosure programme described in detail in Section 127.12 of the ITAR, which spells out the circumstances under which a disclosure will be considered ‘voluntary’ (i.e., a mitigating factor), the required contents of the disclosure (including the names of all persons known or suspected to be involved in the disclosure), and the mitigating factors that may be considered by DDTC in determining whether to impose penalties or refer the case to DOJ. Penalty and oversight agreements dating back almost 40 years are posted on the DDTC website and provide considerable transparency regarding the disposition of administrative enforcement of the ITAR.

Both the Bureau of Industry and Security (BIS) of the US Department of Commerce (which administers the EAR) and OFAC also have well-developed voluntary disclosure programmes. Unlike the Guidance, both of these agencies take a fairly formulaic approach to spelling out how penalty determinations will be made. The voluntary disclosure process and the methodology used to determine the outcome of a case as well as the amount of any penalty deemed appropriate are spelled out in the applicable regulations. Like DDTC, both of these agencies publish a considerable amount of information regarding cases in which penalties have been imposed.

Curiously, the Guidance makes no specific reference to any of the agency programmes, although it does state that a disclosure made concurrently with the mandatory disclosure to DDTC of any violation involving an arms embargoed country will be considered voluntary.

All three agencies traditionally have cooperated closely with law enforcement with a view to making referrals to DOJ when appropriate. Indeed, the BIS voluntary disclosure programme is administered by its Office of Export Enforcement (OEE), which is itself a law enforcement agency. Still, of the numerous major export controls and sanctions-related enforcement cases summarised on the DOJ website (dating back to 2101), only a few arose out of criminal conduct by major corporations. The vast majority involved individuals who were intent on using subterfuge to obtain controlled items and technology illegally (including by theft of trade secrets and otherwise duping their suppliers and US employers, many of whom cooperated in the investigations leading to the guilty pleas and convictions).

CES apparently takes the view that more cases should be referred to it by DDTC, BIS and OFAC for investigation of possible criminal conduct, but, apart from emphasising the need for individual accountability on the part of officers, employees and agents of corporations involved in violations, gives no indication of the types of cases that it believes should have been referred. The agencies, on the other hand, have long given heavy weight to the importance of obtaining information critical to mitigating harm to national security through the voluntary disclosure process. Wilful conduct was considered as an aggravating factor but the presence of wilful conduct in and of itself has not traditionally led to criminal referral. In view of the Guidance, however, a simultaneous disclosure to DOJ may lead to the assumption on the part of the administrative agencies that wilful criminal activity has occurred based solely on the filing with DOJ. If this occurs, and companies become reticent to file voluntary disclosures with the agencies as a result of the Guidance, a key source of intelligence for the agencies may dry up. This will eliminate an important opportunity to encourage better compliance and achieve national security or foreign policy benefits through the administrative process and its contribution to effective compliance strategies.

The Guidance states that in order to receive voluntary disclosure credit for DOJ purposes, among other things, a company must disclose to both CES and the appropriate regulatory agency within a “reasonably prompt time” after becoming aware of the offence. However, although not stated in the Guidance, CES acknowledges that it does not want to see all disclosures to the agencies, only those in connection with which there is reason to believe that criminal violations have occurred. CES also recognises that evidence of possible criminal conduct may not emerge until an investigation has been ongoing for some time. All of the agency voluntary disclosure programmes require prompt initial notification of possible violations, followed by an internal investigation and submission of detailed findings, including the root cause of the violation and corrective actions that address the root cause. The new Guidance may cause companies to delay filing initial notifications until they have a better sense of whether wilful activity requiring a disclosure to CES was involved, thereby jeopardising the mitigation credit available to them under the agency disclosure programmes and potentially further harming national security by not providing the agencies with timely notice of potential issues.

Not surprisingly, the Guidance identifies as potential aggravating circumstances activities tied to the CES enforcement priorities: i.e., violations involving weapons of mass destruction, missile technology or cyber exfiltration of export-controlled data; violations relating to terrorist activities or arms embargoed countries (especially China); and violations by corporate entities and officials involving upper management in the criminal conduct. Repeated violations (including similar administrative violations) and significant profits from the criminal conduct also are cited in the Guidance as aggravating circumstances that could lead to “a more stringent resolution” of a case. In cases where these factors are present, there likely will be a considerable risk of criminal penalties and companies should give careful consideration to the impact of the Guidance in such cases.

Full cooperation credit under the Guidance will require actions not typically involved in most disclosures to the agencies, including making employees and former employees available for interviews and disclosing all relevant facts rather than a general narrative, including disclosure of sources (subject, of course, to Fifth Amendment rights and attorney-client privilege). In the export control context in particular, many disclosures traditionally have been handled by in-house compliance teams or outside consultants without involvement of either in-house or outside lawyers. Meeting the CES cooperation standards will increase the costs associated with disclosures of export control and sanctions violations because proper assessment of the risks and benefits of disclosure to both the agencies and CES will require input from attorneys experienced in investigation and defence of potential criminal violations.

It remains to be seen what changes the Guidance will bring to the way in which CES and the agencies work together. In the meantime, companies submitting disclosures must be cognisant of the heightened risk of criminal penalties. They should carefully consider the risks and benefits of disclosure in the new ‘post-Guidance’ era and put together a team of both compliance personnel and regulatory and criminal defence attorneys to guide them through the process.

Barbara D. Linney is a member of Miller & Chevalier Chartered. She can be contacted on +1 (202) 626 5806 or by email: blinney@milchev.com.